| Wisconsin
Water Well Association Journal January 15, 2003 Bioterrorism, Cyberterrorism and Water Supplies December 27, 2001 Wall Street Journal headline, "Officials Fear Terrorists Could Use 'BackFlow' to Push Toxins into Water Distribution Grids." Canton Ohio water department is put on notice that individuals have been seeking maps and information about the water system. Eventually two individuals are apprehended who had links to Osama Bin Laden. In St. Petersburg, Florida, authorities are keeping an eye on system-wide pressure for possible back-flow into the system. In Portland, Oregon, alarms are now triggered by smaller drops in water pressure. In Cleveland, Ohio officials are weighing whether to add more chlorine to their system. In 1998 in Neenah, Wisconsin, a water supply sabotage plot was intercepted. If it had succeeded, serious injury to the plant operator could have occurred along with either flooding or fire at the plant, toxic chlorine and ammonia release and extensive cleanup and flushing of the system. And so it goes, day after day, week after week, the FBI puts more systems on notice and many facilities initiate changes themselves. What has changed? One thing is certain, that after September 11, 2001 our whole world has changed. From a water supply standpoint, things that we thought about but rationalized out as just some one else's problem, are now more than likely to become our problem. There are three distinct hazards to our water supply system, as well as other utilities. They are physical, biological/chemical and cyberterrorism hazards. Recently the FBI put all water and wastewater systems on notice for possible terrorist cyber attacks. Now even our computers are a threat to our systems. Let's take a look at these threats and see exactly what the threat is. As we examine the threat, remember that for the most part this is a theoretical numbers game. We assume that what occurs in the laboratory is actually somewhat related to what will occur in the real world. In order to interrupt day-to-day activities, terrorists may target water and wastewater systems. Recent terrorist activities and information about the extent and objectives of terrorist organizations have heightened concern about potential deliberate attacks on public water supply systems. According to the presidential report on critical infrastructure (PCCIP, 1997), three attributes are crucial to water supply users:
Operators have been focusing their attention on terrorists since 9-11, but there are others that pose just as great a threat—if not greater. Vandals often have no specific goal in mind other than the destruction of property. Unfortunately vandals may also toss the material they are using to deface a building into the tanks causing a health problem. In Milwaukee, vandals walked into the pump houses on the shore of Lake Michigan and played on the computers until the utility secured the buildings. Disgruntled employees or contractors with their detailed knowledge of the systems, along with access rights, pose some of the greatest threats. They could easily contaminate the systems, shut the system off or over chlorinate the system causing illness and panic in the general population. Terrorists, on the other hand, desire publicity. Any type of physical or biological attack would immediately grant them unlimited access to the airwaves generating all the publicity they desire. Much has been written in the past about physical hazards. They will be mentioned briefly, and then other hazards will be introduced. Physical hazards are composed of structural failures caused by either external or internal forces. The more common hazards are attacks on the pump houses, aquifers or treatment facilities. The other threats are not so obvious, such as cross contamination, which could occur at any location outside of the plants/houses. Contamination can occur from crossing potable water pipes with wastewater pipes or by injecting the system (aquifer, delivery system or reservoir) with contaminates. Another threat may be posed by explosives. They are readily available and require a lower level of education to use than contaminants such as biological agents. Explosives can be developed or obtained and they pose a reduced risk to the assailant when compared to biological or chemical agents. A bomb delivered in the distribution system (well to user), will require an immediate response and redirection of water to prevent contamination and draining of the system. Fire is another physical hazard and an easy method of destruction. It effectively could damage computer control systems, pumps, motors, and the physical structures. Once a water supply system is reduced, the ability to fight fires is compromised and other critical infrastructure elements become threatened. Reversing the flow of water can be accomplished with a simple vacuum cleaner or bicycle pump. Either is sufficient to push toxins back into the flow and affect nearby businesses or residences. The biggest physical threat is not to the facilities but to the pipes that carry the water. There is no way to totally prevent a back flow attack. These attacks could go unnoticed for days as being the real reason for a contaminated system. The second category of hazards are the biological, chemical and radioactive agent hazards. It takes a very knowledgeable individual or government to produce, deliver and disperse these agents. It has been attempted at some water utilities. Testing for this type of contamination is very expensive and time consuming. There are many ways for a system to be contaminated. However, it is thought that only airborne delivery into reservoirs or back flow pumping would be an effective means of delivery. There are six biological contaminates of greatest concern; botulism, smallpox, anthrax, plague, viral hemorrhagic fevers and tularemia. Clostridium botulinum (botulism) has a very low lethal dose for humans, 0.4 micrograms per person. It is available, naturally or manmade, in seven neurotoxic forms and survives quite well in water. Botulinum toxins are unusual in that they are more toxic when ingested than when inhaled. A dose of 300 organisms per liter with a consumption of 5 liters per day for 7 days is specified. It is easy to grow but difficult to turn into a weapons grade bio-agent. Chlorine at the rate of 0.4 parts per million (ppm) for 20 minutes, sunlight, charcoal or heat greater than 80-degrees centigrade effectively eliminates the neurotoxin. Small amounts of organisms can contaminate large reservoirs or aquifers. Iraq is known to have weapons grade botulism warheads. It is not known if other countries have this ability. Botulism is a highly infectious disease and can be characterized by fever, sweating, malaise, aches and pains with an onset time of three days to several weeks. A biotoxin even as lethal as botulinum must be introduced downstream from treatment facilities and be able to survive contact with chlorine. The quantities required make it impractical for large reservoirs to be contaminated. Variola major (smallpox) is replicated from person to person through contact. A vaccine has not been used since 1980 although one is available and the government has this vaccine stockpiled. The fatal infective dose is measured in organisms and ranges between 10 and 100 organisms per person. It is not know if there is an infective level in drinking water. A one-percent sodium hypochlorite solution is effective in controlling smallpox, however, no reference is made to its tolerance to hypochlorite under usual conditions of drinking water disinfection. The Japanese Army used smallpox organisms for weapons in WWII and both North Korea and Russia have large stockpiles. The virus has been recovered from scab specimens 13 years after collection. Bacillus anthracis (anthrax) is grabbing all the headlines these days and with good reason. It has caused several deaths recently due to inhalation anthrax (inhaling due to organisms in the air). It causes illness in cutaneous and gastrointestinal forms also. Because anthrax can be transmitted among animals through ingestion of spore-contaminated water, it is suspected that humans can be similarly infected. Drinking water contaminated with anthrax at a concentration of 171 spores per liter and ingesting 5L/day for seven days can be fatal. Anthrax spores can live in the soil and water for 40 years or more. The spores are also heat resistant, although water temperature at 95-degrees centigrade for 25-minutes renders them inactive. Filters are effective in removing spores greater than one microgram in size. Chlorine concentration of 10,000 ppm will also decontaminate water and soil. When anthrax is in water, droplets can be inhaled as well as ingested. The Japanese used anthrax against the Chinese. It is known that several countries, U.S., Russia and Iraq have stockpiles. Yersinia pestis (plague) is a disease of rodents. The most common forms are bubonic, septicemic and pneumonic plagues. Once infected, pneumonic plague can be spread by coughing. The organisms can survive in water for 16-days and in moist soil for more than 60 days. An infectious dose is 70 organisms or 2 organisms per liter consumed by drinking 15-liters per day for 7 days. Chlorine dioxide at the rate of 0.25 milligrams per liter is 100% successful in inactivating the spores. Russia had stockpiled a million metric tons during the Cold War. It is not known where the stockpile is today. A number of illnesses are grouped together to form what is called Viral Hemorrhagic Fevers (VHFs). They are yellow fever, dengue fever, Rift Valley fever, Lassa fever, Ebola-Marburg virus and hantavirus, to name a few. Ebola has a fatality rate of between 50-90%. It is usually spread by the urine or feces of infected rodents. The other diseases in this category have varying fatality rates but are also localized to specific areas of the world for the most part. Ebola is the one that may affect us the most. Not much is known about drinking water transmission. All fevers are thought to be inactivated by 1-2% sodium hypochlorite solution and /or a 1% iodine solution. These diseases have not been studied as to their chlorine tolerance. Francisella tularensis (tularemia) is a disease of rodents and is usually spread by ticks. It is common in several states, such as Arkansas, Missouri and Oklahoma. It has been weaponized in aerosol form. Contaminated water has also been used effectively as a transmission agent. There are several types of the disease: pulmonary, glandular, ulceroglandular and typhoidal each has varying fatality rates. The typhoidal form occurs from ingestion of spores. It takes approximately one million organisms for an infection to occur by ingestion. However, an inhalation dose as low as 10-50 organisms will cause the pulmonary form of the disease. This organism can survive in water and mud for months and may even multiply there. Studies have shown that chlorine at the rate of 0.5-2.0 milligrams per liter is ineffective at inactivating the organisms. Higher doses of chlorine are effective, but may also damage piping and create a bad taste to the water. The discussion of the above organisms does not imply that other biological agents are not considered a threat. These are simply the organisms that are considered the greatest and most likely threat to contamination of water systems. The Wisconsin State Hygiene Lab can test for the above biological agents with the exception of smallpox and Ebola. These tests must be conducted at the Center for Disease Control (CDC). Chemical agents are easier to acquire than biological agents and are very easy to place into the water system. They can be back flow pumped in, injected into aquifers or dumped into reservoirs. The limiting factor is the quantity that is required for a large-scale assault on a system. Smaller quantities may be effective in creating panic in the public by limiting the effect to neighborhoods. It is not known what the real effects of a chemical attack on a water supply system would be, but it is speculated that this is a viable form of an attack. Nerve gas pumped into the system from a basement of a house, could come out of the faucets, turn to gas and could cause any person in the near vicinity to at a minimum pass out. Other elements could contaminate the water system but due to color, odor or taste should be easily noticed. Even excess chlorination could cause widespread problems in a system through damage to facilities supply systems, to bad taste and odor in homes or businesses. The third hazard to the water supply systems is cyber-terrorism. Cyber terrorism is the premeditated, politically motivated attack against information computer systems, computer programs and data, which result in violence against noncombatant targets by sub-national groups or clandestine agents. Information technology experts at the Pentagon have labeled cyber-terrorism as the wave of the future and a real concern. Documents found during the current war on terrorism point to the fact that these systems are targeted. The United States has admitted to the use of cyber warfare against targets in the Middle East. Other countries such as China, France, Israel and Russia, are some of the 125 countries that are thought to have this capability. Terrorists seem to have mixed feelings about cyber attacks. They look for economic impact and instilling fear and panic in the citizens at large. Although they have tried this method of attack, they do not feel comfortable with it. Terrorists like immediate success. Water contamination may take several hours to several days. Terrorists may use cyber-terrorism to limit response to other incidents, such as a physical attack on the system in a remote location. By controlling the computer systems, they could hide activities in other areas of the potable water delivery system permitting either destruction or contamination to occur without anyone's knowledge until such attack has succeeded. It is said that people don't know how to lock the door before walking out. We have become creatures of habit. Supervisory Control and Data Acquisition software (SCADA) is generally left turned on at night on the same computers that are hooked up to the Internet. We walk out the door but leave the connections turned on. If your water system is on the same computer as your e-mail, any person anywhere in the world with a computer and a telephone hookup can log onto your computer. Once there, they can modify, delete, move data or shut the whole system down. They can also modify formulas, change passwords and take complete control from a remote location of your water supply system. The technology is there and available free for the asking. Brian Ramaley of the Newport Water Works states, "Water Works have to look at their entire systems, from stem to stern, from headwaters to the customer's tap, and determine where their systems are most vulnerable." Systems are vulnerable for disruption at the computer terminals. Just as with other types of attacks, we need to focus on employees, vandals and terrorists. Disgruntle employees should be a likely focus. They know the systems and the weaknesses. Any attack they initiate could be blamed on terrorists or terrorist countries. Since cyber crime is like tracking water vapor, criminals generally escape without being identified. If your system is computer controlled, have you initiated manual operations as a means to test your response to a system shutdown? One of the big flaws is that as we rely on this type of technology, we loose focus on how manual operations work. In 1997 as a test, the government hired 35 people using tools easily obtainable from the Internet to initiate attacks against 38,000 cyber targets. Only 4% of the targets realized they were under attack and only 1 of every 150 that did, reported it. A very dismal result. Former President Clinton in 1996 stated, "Open borders and revolutions in technology have spread the message and the gifts of freedom, but have also given new opportunities to freedom's enemies. We must be ready if our adversaries try to use computers to disable power grids, banking, infrastructure systems [including water], etc." It is easy to gain access to systems. Fred Schneider of Cornell University stated, "Although the press plays up the security aspect of hacker problems, the other aspect is that the systems are just not built very reliably. It is just as easy for operators to make errors as a gopher chewing on a wire to take out a large piece of the infrastructure." Using the Internet, a terrorist can affect wider damage than by killing people, can shut off power, affect water supplies in a large area, disrupt transportation, etc. The Irish Republic Army had computer-oriented cells that attacked power grids in London. Osama Bin Laden has computer experts that broke the codes in the White House. Terrorists took over a military satellite in England. A mob boss was gunned down outside a restaurant, but lived. His assailants, unknown still, remotely accessed his medical records in the hospital and altered his medication. The computer basically assassinated him. The nurse who administered what was on the chart had her life altered forever. Along with damage or modified data, one can also spread rumors such as; don't drink the water in such and such a country. Thousands of people can read these rumors almost instantly and pass them on for years. As you follow a hacker around the Internet they can turn around and follow you, correcting errors they made in the first pass making their track continuously more difficult to follow. It is estimated that there are around a thousand quality hackers in the world. Many recently have been advertising their skills for sale. It used to be that these hackers would attack systems for the fun of it, now they realize that there is big money to made working for rogue states. These problems are becoming compounded by the domination of telecommunications by phone companies and Internet service providers that do not trust each other. There is no way to improve a system that is built on suspicion. Another problem is that many utilities place the SCADA and security systems on the same computer on which they access the Internet. The attackers thus have the benefit of a two for one attack. Computers are very cheap these days and there is no excuse to have both systems on the same computer. Additionally, law enforcement is about 5-10 years behind the cyber crime curve. The hackers today are continuously improving software for accessing systems. Encryption software is highly protected by the U.S. but that only assists hackers in improving their skills. What can we do?
|
Biography Norm Arendt, PhD, is an authorized OSHA instructor in General Industry and Construction, a Certified Fire Explosion Investigator/Instructor and a computer security expert. He has received bioterrorist training as a member of the Shorewood Hills Fire Department. He is the Corporate Safety Director for Short Elliott Hendrickson, Inc., and works out of our Madison, Wisconsin office.
|
About Us | Careers | |Services | News |
Media Room
Information Post | Subsidiaries | Online
Projects | Bidding Documents
Contact SEH
Maps/Addresses/Phone Numbers
Privacy
Policy | Site Map | Advanced Search
| Previous Page
©2008 Short Elliott Hendrickson Inc. All Rights Reserved.